Virus/Spam/Security News

Review: EVGA SuperNOVA NEX650G 650W Power Supply

Posted by Donster on: 2014-05-16 13:58:17 in category: Virus/Spam/Security News [ Print ]

Author: Paul Johnson @ HardOCP

EVGA does not have a lot to say about its SuperNOVA NEX650G Gold Power Supply. It does however mention it being designed with enthusiast needs, and this PSU being the "the best choice to power next generation enthusiast computers" with exceptional features, and stunning efficiency. We of course will be the judge of those claims.

Read The Review Here

News Source: Email

FBI Warns of Beta Bot Malware

Posted by Donster on: 2013-09-27 15:20:28 in category: Virus/Spam/Security News [ Print ]

By Eduard Kovacs @ Softpedia

The FBI’s Internet Crime Complaint Center (IC3) has published an alert to warn users about a relatively new piece of malware dubbed Beta Bot. Beta Bot is mainly used by cybercriminals to steal personal and financial information. Social media sites, e-commerce sites, banks and online payment platforms are the main targets.

What’s interesting about this threat is that it’s designed to disable antivirus applications, and block users from accessing security websites that might help them clean up the infection.

Beta Bot is distributed via various methods, including USB drives or via Skype (users are redirected to malicious websites). The infection can start with a legitimate-looking fake User Account Control window which requests permission to allow “Windows Command Processor” to make changes to the system. If the victim complies, the attackers gain access to their system.

Read more...

News Source: Email

Mozilla Patches Firefox 18, Now Stable

Posted by Donster on: 2013-01-21 14:53:36 in category: Virus/Spam/Security News [ Print ]

Source: HotHardware

Right on the heels of the Firefox 18 update, which patched a disconcerting 21 security flaws, a new Firefox update has been released. The new patch focuses on resolving glitches and makes Firefox 18 stable. Version 18.0.1 should update automatically, but if it doesn’t, snag it HERE.

The most important fix applies to a HTTP Proxy Transactions problem, which could hinder or stop browsing in a worst-case scenario. Two other big fixes are only for Firefox on Apple systems. The Unity player plugin was crashing on Mac OS X, and the browser was having trouble with certain high-resolution Apple screens.

Plenty of known issues remain, including a bug that makes Gmail’s main screen scroll slowly, as well as a glitch that can tank Microsoft System Restore, but all-in-all, this update is worthwhile.

News Source: Email

New Java Zero-Day Exploit Kit Peddled for 5 Grand

Posted by Donster on: 2013-01-17 14:49:27 in category: Virus/Spam/Security News [ Print ]

By Mike S. @ Legit Reviews

Only three days ago on Sunday, Oracle patched yet another major zero-day security flaw in Java. The company isn't known for being keen on patching software vulnerabilities in its Java software and usually takes its time, but this one was so serious that they issued one very quickly and not according to any usual time schedule. In fact, the US Department of Homeland Security recommended that the software be disabled unless it was "absolutely necessary" to use it. Even after the patch was issued, the same advice was repeated on Monday by the department's Computer Emergency Readiness Team (US-CERT).

This time however, an even worse zero-day flaw has been uncovered which very few people know about. This makes it much more dangerous, since the window of opportunity for exploitation is bigger. Security blogger Brian Krebs, discovered this new flaw by visiting an exclusive cybercrime forum where since Monday (Jan 14th) an exploit kit was being peddled by the site's admin for a staggering $5,000 to two lucky buyers - who were even invited to outbid each other! This exploit is present in the latest version of Java (v7 update 11) and crucially, not in any previous exploit kit, thereby allowing the seller to command a high price for it. His sales pitch is quoted below and it appears that the site's admin has since found a second buyer, because the thread has now been deleted.

Read more...

News Source: Email

Microsoft Promises Fix for IE Security Flaw in Next Few Days

Posted by Donster on: 2012-09-19 15:19:06 in category: Virus/Spam/Security News [ Print ]

By Steven Musil @ CNET News

Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."

The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.

Read more...

News Source: Email

Microsoft's Patch Tuesday Update Confronts a BEAST of a Security Flaw

Posted by Donster on: 2012-01-13 15:35:51 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ HotHardware

It's a new year and already the first Patch Tuesday of Microsoft's monthly Windows update schedule has come and gone. If you ignored the update notification sitting your system tray, take a moment to let Windows Update do its thing, and as a reward for kicking procrastination to the curb, Microsoft will get rid of a BEAST that resides on your system.

We're not being dramatic, that's in reference to a so-called BEAST SSL security flaw that's among the many patches contained in the seven bulletins for the first Patch Tuesday of 2012. All but one are labeled "Important," and the remaining bulletin -- MS12-004 -- earned a "Critical" designation from Microsoft because of two possible Remote Code Execution vulnerabilities in Windows Media.

Read more...

News Source: Email

Microsoft Issues Temporary Fix for Critical Windows Hole

Posted by Donster on: 2011-11-04 17:29:44 in category: Virus/Spam/Security News [ Print ]

By Steven Musil @ CNET News

Microsoft issued a temporary fix this evening for a previously unknown critical Windows vulnerability being exploited by the Duqu Trojan to infect systems.

The software giant said in an advisory issued late tonight that a flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7. The vulnerability is related to the spread of the Duqu malware, a Stuxnet-like Trojan infecting computers via a Word document.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," the advisory warned. "The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Read more...

News Source: Email

Intel Demos DeepSafe Hardware-aided Security Technology

Posted by Donster on: 2011-09-13 16:20:59 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Intel demonstrated technology today that is designed to provide greater protection for computers from malware and other threats by taking advantage of features built into the processor.

Intel today showed off McAfee DeepSafe at the Intel Developer Forum, providing the first official glimpse into how the company plans to integrate the technology and expertise it got from the $7.68 billion acquisition of McAfee it announced last year and completed earlier this year.

Read more...

News Source: Email

Microsoft Leaks Patch Tuesday Details Ahead of Schedule

Posted by Donster on: 2011-09-12 16:21:42 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ Maximum PC

Microsoft routinely issues advance notifications for its monthly Patch Tuesday update days before it goes live, that's not unusual. But the Redmond software outfit typically doesn't reveal the full extent of the patches through official "bulletins" until the day of release, which makes the weekend leak highly unusual.

The bulletins should have went live around 10AM Pacific/1PM Eastern tomorrow, September 13, but instead were posted over the weekend. You still have to wait until tomorrow to download the actual updates, which will stomp out 15 security bugs, each one rated "important." Two of them affect Windows, five apply to Excel, two apply to non-application Office components, and six have to do with SharePoint and related software.

Read more...

News Source: Email

New IE9 Update Fixes Several Security Flaws

Posted by Donster on: 2011-08-11 17:41:39 in category: Virus/Spam/Security News [ Print ]

By Lance Whitney @ CNET News

Microsoft has rolled out a new update for Internet Explorer 9 that fixes a host of different security holes.

Launched on Microsoft's familiar "Patch Tuesday," the August 2011 Cumulative Security Update for Internet Explorer is a critical one that resolves issues not just in IE9 but in versions 6, 7, and 8 as well, according to a Microsoft blog. The update is available through Windows Update, so IE users who have Windows automatic updates turned on should have already received it.

The patch takes care of five holes in IE that were disclosed in coordination with Microsoft and two others that were publicly revealed. The most serious of the security flaws could let a hacker run code on a remote PC if the user visits a malicious Web page. Microsoft also advises that people who run accounts without administrative rights are generally better protected against these types of exploits.

Read more...

News Source: Email

New AVG Suite Defends Your Digits

Posted by Donster on: 2011-07-28 16:31:58 in category: Virus/Spam/Security News [ Print ]

By Seth Rosenblatt @ CNET News

A new suite from AVG called Premium Security introduces one new feature that AVG Antivirus Free and AVG Internet Security lack: identity protection. AVG Premium Security 2011, available only to people in the United States and United Kingdom, includes a new personal data protection feature called Identity Alert.

The feature is a direct response to the interests of AVG customers, said the company's ambassador of free products, Tony Anscombe. "Identity on the PlayStation Network highlights it perfectly," he said. "Ninety-four million people were affected by the hacks, and the information was hosted on servers in Japan. This is a global problem."

Once registered for the service, it will warn you when your personal data such as e-mail address, telephone number, Social Security or National Insurance number, and credit card numbers are revealed on the Internet. It also includes a service that advises you on how to restore anonymity to your personal data, should it become compromised.

Read more...

News Source: Email

Internet Explorer 9 Utterly Dominates Malware-Blocking Stats

Posted by Donster on: 2011-07-19 16:02:25 in category: Virus/Spam/Security News [ Print ]

By Peter Bright @ Ars Technica

Internet Explorer 9's dual-pronged approach to blocking access to malicious URLs—SmartScreen Filter to block bad URLs, and Application Reputation to detect untrustworthy executables—provides the best socially engineered malware blocking of any stable browser version, according to NSS Labs' latest report. Internet Explorer 9 blocked 92 percent of malware with its URL-based filtering, and 100 percent with Application-based filtering enabled. Internet Explorer 8, in second place, blocked 90 percent of malware. Tied for third place were Safari 5, Chrome 10, and Firefox 4, each blocking just 13 percent. Bringing up the rear was Opera 11, blocking just 5 percent of malware.

Read more...

News Source: Email

Microsoft Issues Critical Patch for Windows 7, Vista Users

Posted by Donster on: 2011-07-12 15:26:22 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft released four security bulletins for Patch Tuesday today, including one that fixes a critical hole related to Bluetooth in Windows 7 and Vista and three less serious patches that plug 21 holes affecting all supported versions of Windows and Visio 2003.

The highest priority is MS11-053, which fixes a vulnerability that could allow an attacker to take control of a computer by sending malicious Bluetooth wireless packets.

Read more...

News Source: Email

Microsoft: One in 14 Downloads Is Malicious

Posted by Donster on: 2011-05-18 15:48:10 in category: Virus/Spam/Security News [ Print ]

By Robert McMillan, IDG News

The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.

In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

Read more...

News Source: Email

Report: Windows 7 Almost Five Times More Secure Than XP

Posted by Donster on: 2011-05-16 15:13:43 in category: Virus/Spam/Security News [ Print ]

By Lance Whitney @ CNET News

Windows 7 is four to five times less vulnerable to malware infections than is Windows XP.

Those are the findings of Microsoft's latest Security Intelligence Report (PDF), which detailed in depth the state of software vulnerabilities, exploits, security breaches, and malware in 2010.

Overall, the study found that infection rates for newer Microsoft operating systems with the latest service packs are consistently lower than those for older OSes, giving Windows 7 and Windows Server 2008 R2 the highest marks for security.

Looking at the number of reported infections per 1,000 computers, Microsoft found that Windows 7 64-bit had the lowest number at 2.5, while the 32-bit version had 3.8.

Windows XP with SP3 came in with 15.9 infections per 1,000, while XP with SP2 had the highest number at 19.3. Breaking down the numbers, Microsoft's stats mean that Windows 7 is around four to five times more secure than XP.

Read more...

News Source: Email

Ten-Year-Old, 2 Million PC Botnet Finally Killed; Stole up to $100M USD

Posted by Donster on: 2011-04-14 14:46:04 in category: Virus/Spam/Security News [ Print ]

Complaint has been issued against 13 foreign nationals, but there's no promises they won't get away with the loot

By Jason Mick @ DailyTech

It took ten years, but the U.S. finally has killed [press release and court documents] a notorious botnet spread by an ever-evolving virus known as "Coreflood". The botnet had been active since 2001, slowly building up an arsenal of 2 million computers worldwide, with the help of helper malware. It is responsible for stealing an estimated $100M USD worldwide from businesses and individuals.

A botnet is a group of infected machines that can be coordinated to steal information from the users of the machines. They can also be controlled to send malicious files, spam, phishing emails, or other unsavory contents.

The creators of Coreflood took special care in honing their attack package. What began as a trojan received over 100 updates, eventually gaining viral characteristics and the ability to steal passwords and credit card information.

Read more...

News Source: Email

Microsoft Prepping 17 Patches for 64 Holes

Posted by Donster on: 2011-04-08 14:58:40 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft will release 17 bulletins next week to fix 64 vulnerabilities across a swath of products including Windows, Office, and Internet Explorer, the company said in its Patch Tuesday preview.

Of the bulletins, nine are rated "critical" and eight are "important," the company said in a TechNet blog post today.

In addition to all versions of Windows; IE6, IE7, and IE8; numerous versions of Office for Windows and the Mac, affected software includes Visual Studio .NET and Visual C++, according to the advisory.

"This month we'll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (Critical) issue publicly disclosed Feb. 15. Microsoft assessed the situation and reported that although the vulnerability could theoretically allow Remote Code Execution, that was extremely unlikely. To this day, we have seen no evidence of attacks," the company said in its blog post.

Read more...

News Source: Email

Iran Linked to Massive Net Attack

Posted by Donster on: 2011-03-24 16:30:55 in category: Virus/Spam/Security News [ Print ]

By Emma Woollacott @ TG Daily

Iranian hackers are believed to be behind an attempt to hack the internet's Secure Socket Layer (SSL). If successful, it would have allowed the hackers to impersonate Google, Yahoo, Skype, Mozilla and Microsoft.

The SSL system uses digital certificates to guarantee identity, and it appears that the hackers somehow got access to the conmputer systems of Comodo, one of the firms that issues certificates.

"The attacker was well prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs for these certificates and submit the orders to our system so that the certificates would be produced and made available to him," says Comodo.

Read more...

News Source: Email

Microsoft to Fix Four Holes in Windows, Office

Posted by Donster on: 2011-03-04 14:21:19 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Contrary to last month when Microsoft plugged 22 holes on Patch Tuesday, only four holes will be fixed in the company's monthly security update roundup next week.

There will be three bulletins, one of them rated "critical" for Microsoft Windows and the other two rated "important" and affecting Windows and Office, according to the preview advisory released today.

While they are few in number, they are not to be ignored. They all involve remote code execution, which means an attacker could force code to run on a target's machine and could lead to a complete takeover of the computer.

Read more...

News Source: Email

Valve Announces Steam Guard

Posted by Donster on: 2011-03-03 17:07:43 in category: Virus/Spam/Security News [ Print ]

Valve announced today a new Steam and Steamworks feature called Steam Guard, which gives users greatly increased account security.

Steam Guard allows users to link management of their account to a specific PC. Attempts to modify or change account settings by any other PC won't be possible without the user's approval.

Steam Guard will take advantage of upcoming Intel® Identity Protection Technology (Intel® IPT), an encrypted, hardware-based feature available with the new 2nd Generation Intel® CoreT and Intel® CoreT vProT processors. IPT generates a new numerical password every 30 seconds, integrating into the processor functionality that previously required a separate card or key fob.

Users will also be notified if any PCs other than those authorized by them attempt to log into or modify their account settings.

Steam Guard is available to third parties to incorporate into their own applications through Steamworks.

PRESS RELEASE

News Source: Email

Rogue AV Pimps Finally Show Love for Alternative Browsers

Posted by Donster on: 2011-03-03 15:12:25 in category: Virus/Spam/Security News [ Print ]

Ruse spoofs Firefox, Chrome, Safari

By Dan Goodin @ The Register

For years, ads pimping malware disguised as legitimate antivirus programs have gone to great lengths to mimic the look and feel of Microsoft's Internet Explorer browser and Windows operating system. Now Mozilla Firefox, Google Chrome, and Apple Safari are getting the same treatment.

A security researcher from Zscaler has recently uncovered a campaign that's tailored to the browser that the intended victim is using. Those with IE will see the same tired graphic depicting a Windows 7 security alert, but look what happens when the visitor is using Firefox.

Read more...

News Source: Email

Online Banking Hit By Thieves

Posted by Donster on: 2011-02-22 16:18:44 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

A new Trojan dubbed "OddJob" is stealing people's money by taking over their online banking sessions after they think they've logged off.

The Trojan, which targets Windows-based computers, is being used by criminals in Eastern Europe to steal money from accounts in the United States, Poland, and Denmark, Amit Klein, chief technology officer of Trusteer, writes in a blog post today.

Klein said in an e-mail that he could not identify the banks being targeted or provide an estimate on the number of victims.

"It is early days for this malware," he said. "It appears to be a work in progress, so we expect the code to become more sophisticated over time."

Read more...

News Source: Email

Conficker Prompts Windows Autorun Lockdown

Posted by Donster on: 2011-02-09 14:41:35 in category: Virus/Spam/Security News [ Print ]

Source: TG Daily Staff

Microsoft has issued a security patch that changes how earlier versions of its flagship Windows operating system handles security when reading "non-shiny" storage media.

"Windows 7 already disables Autorun for devices such as USB thumb drives, which prevents malware lurking on such drives from loading itself onto computers without user interaction," said Microsoft spokesperson Angela Gunn.

"[Now], earlier versions of Windows gain that security-conscious functionality as well. We believe this is a huge step towards combating one of the most prevalent infection vectors used by malware such as Conficker."

Read more...

News Source: Email

Microsoft to Seal 22 Security Holes this Month

Posted by Donster on: 2011-02-04 15:14:38 in category: Virus/Spam/Security News [ Print ]

By Josh Lowensohn @ CNET News

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical.

Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important."

In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution.

Read more...

News Source: Email

Mozilla Offers Do-Not-Track Tool to Thwart Ads

Posted by Donster on: 2011-01-24 15:47:51 in category: Virus/Spam/Security News [ Print ]

By Stephen Shankland @ CNET News

Mozilla, acting on a U.S. Federal Trade Commission proposal, has offered a detailed mechanism by which Firefox and other Web browsers could prevent Web pages from tracking people's online behavior for advertising purposes.

With Mozilla's do-not-track technology, network data packets from the browser would signal to a Web site that a person doesn't wished to be tracked. Then comes the tricky part: getting Web site operators to cooperate.

Read more...

News Source: Email

Microsoft Plugs Three Windows Holes, Works on Others

Posted by Donster on: 2011-01-12 16:54:25 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft today issued two bulletins fixing three holes in Windows, including one rated critical for Windows XP, Vista, and Windows 7 as part of Patch Tuesday.

"We are not aware of proof-of-concept code or of any active attacks seeking to exploit the vulnerabilities addressed in this month's release," the company wrote in a Microsoft Security Response Center blog post.

The critical vulnerability is addressed in Bulletin MS11-002. The bulletin fixes the critical hole and an "important" vulnerability, both in Microsoft Data Access Components, that could allow an attacker to take over the computer if a user merely viewed a malicious Web page.

Read more...

News Source: Email

Obama to Hand Commerce Dept. Authority Over Cybersecurity ID

Posted by Donster on: 2011-01-10 14:48:25 in category: Virus/Spam/Security News [ Print ]

By Declan McCullagh @ CNET News

President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

It's "the absolute perfect spot in the U.S. government" to centralize efforts toward creating an "identity ecosystem" for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.

That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates, including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil-liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.

The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.

The Obama administration is currently drafting what it's calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)

"We are not talking about a national ID card," Locke said at the Stanford event. "We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."

Read more...

News Source: Email

Microsoft Warns of Windows Flaw Affecting Image Rendering

Posted by Donster on: 2011-01-05 15:46:07 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft warned today of a Windows vulnerability that could allow an attacker to take control of a computer if the user is logged on with administrative rights.

To be successful, an attacker would have to send an e-mail with an attached Microsoft Word or PowerPoint file containing a specially crafted thumbnail image and convince the recipient to open it, Microsoft said in its advisory, which also contains information on workarounds.

An attacker also could place the malicious image file on a network share and potential victims would have to browse to the location in Windows Explorer.

Read more...

News Source: Email

Microsoft to Boost Security of Office 2003, 2007

Posted by Donster on: 2010-12-14 14:47:04 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft plugged 40 holes with 17 patches today and said it will improve the security of Office 2003 and Office 2007 by adding a feature to the older versions of its productivity software that opens files in Protected View.

Customers should focus on the two critical bulletins that are part of Patch Tuesday, says Jerry Bryant, group manager for response communications in Microsoft's Trustworthy Computing Group. The first is MS10-090, a cumulative update for Internet Explorer. It fixes seven vulnerabilities in the browser and affects IE 6, 7 and 8. There have been attacks targeting IE 6 on Windows XP, Bryant said.

The other critical bulletin is MS10-091, which fixes several vulnerabilities in the Windows Open Type Font driver. It affects all versions of Windows, primarily on third-party browsers that natively render the Open Type Font, which IE does not, according to Bryant.

Read more...

News Source: Email

Mozilla Plugs Up 13 Security Holes with Latest Firefox Update

Posted by Donster on: 2010-12-10 14:36:05 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ Maximum PC

Those of you rocking Firefox 3.6.x, go ahead and check to see if you've automagically downloaded the latest update, version 3.6.13 (or 3.5.16 if you're still sitting pretty with Firefox 3.5). The latest update plugs more than a dozen security holes, including 11 deemed "critical," meaning the "vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browser," Mozilla says.

Mozilla addressed a variety of security issues, including Java security, crash and remote code execution using HTML tags inside a XUL tree, buffer overflows, and more.

You can install the latest update by navigating to Help > Check for Updates... or by grabbing the newest version HERE. 7.7 MB

News Source: Email

Ad-Aware Levels Up its Detection Engines

Posted by Donster on: 2010-12-06 15:27:51 in category: Virus/Spam/Security News [ Print ]

By Seth Rosenblatt @ CNET News

In its third update of the year, Ad-Aware receives a hefty change to how it protects you. Lavasoft's Ad-Aware 9 Free, available today exclusively on CNET Download.com, debuts two new detection engines as the company fights to keep its well-known freeware competitive.

Lavasoft first started changing Ad-Aware's protection engine more than a year ago in version 8.1, when it introduced Genotype. This heuristics-based technology identified identical snippets of code across multiple threat mutations. In version 9, Genotype receives support from what Lavasoft calls "Dedicated Detection". This tech looks inside files, analyzes the code, and creates a loose pattern for finding families of related malware. The company touts that a single dedicated detection signature can detect hundreds of thousands of threats. More importantly, Lavasoft expects that dedicated detection will lower false positive rates by creating more points of comparison.

Read more...

News Source: Email

AVG Update Borks Windows 7, Here's How You Can Fix It

Posted by Donster on: 2010-12-03 14:19:26 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ HotHardware

If you're an AVG user having trouble booting into Windows 7, you have our condolences. Perhaps it might come as a small consolation that you're not alone, and chances are you did nothing wrong. The culprit, AVG says, is that the latest virus database -- 271.1.1/3292 (432/3292) -- released earlier this week is bricking systems with a STOP code.

Click Here for directions on how to fix the problem.

News Source: Email

And the Buggiest Software Award Goes to...Chrome!

Posted by Donster on: 2010-11-16 15:51:25 in category: Virus/Spam/Security News [ Print ]

By Paul Lilly @ Maximum PC

Google's Chrome browser is finally in first place, though not in any category the sultan of search wants to be in. The speedy browser topped Bit9's annual "Dirty Dozen" list of apps with the 76 found vulnerabilities, NetworkWorld reports.

The Dirty Dozen list is compiled based on information available from the National Institute of Standards and Technology's public National Vulnerability Database, so if Google has a beef with its ranking, Bit9 isn't to blame here, they're merely the messenger.

Taking up the No. 2 spot is Apple's Safari browser with 60 reported vulnerabilities, while Mozilla Firefox came in fifth with 51 flaws and Microsoft's Internet Explorer eighth with 32 flaws. In other words, all four major browsers made the list.

Outside of browsers, Microsoft Office was the worst offender, checking in at No. 3 with 57 flaws, followed by Adobe Acrobat (No. 4) with 54 vulnerabilities.

News Source: Email

Symantec: Stuxnet Clues Point to Uranium Enrichment Target

Posted by Donster on: 2010-11-15 15:35:57 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Symantec researchers have figured out a key mystery to the Stuxnet worm code that strongly suggests it was designed to sabotage a uranium enrichment facility.

The program targets systems that have a frequency converter, which is a type of device that controls the speed of a motor, Eric Chien, technical director of Symantec Security Response, told CNET today.

"Stuxnet is watching these devices on the target system that is infected and checking what frequency these things are running at, looking for a range of 800 hertz to 1200 Hz," he said. "If you look at applications out there in industrial control systems, there are a few that use or need frequency converters at that speed. The applications are very limited. Uranium enrichment is an example."

Read more...

News Source: Email

Adobe: Flash, Reader Hole Used in PDF Attacks

Posted by Donster on: 2010-10-29 15:33:01 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

A new critical vulnerability in Flash and Adobe Reader and Acrobat 9.x is being exploited to attack computers running the popular PDF viewer software, Adobe warned today.

Adobe is not currently aware of attacks targeting Flash Player, the company said in a blog post.

The bug is in Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux, and Solaris, and Flash Player 10.1.95.2 and earlier for Android. It also is in the authplay.dll component in Reader 9.4 and earlier 9.x versions for Windows, Mac, and Unix, and Acrobat 9.4 and earlier 9.x versions for Windows and Mac. The component renders Flash content in the PDF viewer.

Adobe Reader and Acrobat 8.x and Reader for Android are not impacted by the flaw, the company said.

Read more...

News Source: Email

Firefox 3.6.12 Out to Fix Critical Bug

Posted by Donster on: 2010-10-28 15:36:32 in category: Virus/Spam/Security News [ Print ]

Source: TechConnect

Mozilla has let loose a new security update for its Firefox browser which addresses a critical vulnerability described in the advisory entitled 'Heap buffer overflow mixing document.write and DOM insertion' which could lead to remote code execution.

To keep safe from this one serious bug just download and install Firefox 3.6.12, or just use the browser's built-in upgrade function. Firefox 3.5 users can get the 3.5.15 release.

News Source: Email

Firefox 3.6.11 Patches Up Nine Vulnerabilities

Posted by Donster on: 2010-10-20 17:38:51 in category: Virus/Spam/Security News [ Print ]

Source: TechConnect

Mozilla just let loose another update for Firefox, bringing the popular open source browser to version 3.6.11. This latest release concentrates on stability and security fixes, the latter category tackling no less than nine vulnerabilities - five of which are rated 'critical'.

As always an update is recommended so see this page for the full Firefox 3.6.11 or just use the browser's built-in upgrade function. Firefox 3.5 has also received an update and is now at 3.5.14.

News Source: Email

Microsoft: Your Computer Could be One of 2.2 Million Infected Botnet PCs

Posted by Donster on: 2010-10-14 14:58:06 in category: Virus/Spam/Security News [ Print ]

U.S. leads the world in botnet virus infection rates

By Jason Mick @ DailyTech

According to a new 240-page security report from Microsoft dubbed the Security Intelligence Report, America is among the most infected countries in the world when it comes to botnets. The report uses information collected in the first half of 2010 via the Microsoft Malicious Software Removal Tool.

Over 2.2 million PCs in the U.S. are infected with a virus that makes them part of one of the internet's massive botnets. The term "botnet" refers to a group of connected computers that can be used for ill purposes such as spamming, distributed denial of service (DDoS) attacks, and mass credit card fraud.

Read more...

News Source: Email

Microsoft Fixes Record 49 Holes, Including Stuxnet Flaw

Posted by Donster on: 2010-10-12 15:38:50 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

In a record Patch Tuesday, Microsoft released updates today for Windows, Internet Explorer, and the .NET framework that feature fixes for 49 holes, including one being exploited by the Stuxnet worm.

Microsoft recently fixed two of the four unpatched holes being used by Stuxnet to spread to Windows-based machines. The malware ultimately targets systems running software from Siemens that is used in critical infrastructure operations. Today's release plugs one (MS10-073) of the remaining two holes and the company said in a blog post that the final hole will be addressed in an upcoming security bulletin.

Meanwhile, Microsoft provided a priority list for the 16 bulletins being released, which fix 6 holes that are rated "critical." Four vulnerabilities are singled out because there are likely to be exploits developed for them, according to a Microsoft blog that assesses the risks of the various vulnerabilities.

Read more...

News Source: Email

Microsoft to Fix 49 Holes in Windows, IE, Office, and .NET

Posted by Donster on: 2010-10-08 16:13:02 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

Microsoft will fix a record 49 vulnerabilities in its Patch Tuesday release next week that will involve 16 security bulletins affecting Windows, Internet Explorer, Office, and the .NET framework.

Four of the bulletins carry a "critical" rating, 10 are rated "important," and two are "moderate," according to the advisory.

They affect specifically Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Microsoft Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office 2010, Office 2004 for Mac and 2008 for Mac, Windows SharePoint Services 3.0, SharePoint Server 2007, Groove Server 2010, and Office Web Apps.

Read more...

News Source: Email

Microsoft Wants 'Sick' PCs Banned from the Internet

Posted by Donster on: 2010-10-06 15:54:16 in category: Virus/Spam/Security News [ Print ]

By Emma Woollacott @ TG Daily

Microsoft is calling for infected PCs to be quarantined from the internet, with access denied unless they can produce a 'health certificate'.

In a position paper published this week, Scott Charney, the company's corporate vice president for trustworthy computing, argues that the world needs a common health policy that would prevent malware-infected machines from connecting to the internet.

"This approach involves implementing a global collective defense of internet health much like what we see in place today in the world of public health," he explains.

Charney cites school policies such as compulsory vaccination for students and quarantining of infected people as an example of the sort of thing he has in mind.

Read on...

News Source: Email

Stuxnet: Fact vs. Theory

Posted by Donster on: 2010-10-05 16:04:00 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

The Stuxnet worm has taken the computer security world by storm, inspiring talk of a top secret, government-sponsored cyberwar, and of a software program laden with obscure biblical references that call to mind not computer code, but "The Da Vinci Code."

Stuxnet, which first made headlines in July, is believed to be the first known malware that targets the controls at industrial facilities such as power plants. At the time of its discovery, the assumption was that espionage lay behind the effort, but subsequent analysis by Symantec uncovered the ability of the malware to control plant operations outright, as CNET first reported back in mid-August.

Read more...

News Source: Email

Symantec's Ubiquity Takes Broad View of Malware

Posted by Donster on: 2010-10-05 16:00:18 in category: Virus/Spam/Security News [ Print ]

By Lance Whitney @ CNET News

Symantec says it has a new method for combating malware, one that taps into a wider repository of information on potentially malicious code.

The security vendor today announced its new Ubiquity product, which combines data analyzed from the PCs of Symantec customers with Symantec's own Global Intelligence Network to combat new and mutating types of threats.

First featured in Symantec's Norton 2011 security product lineup and in its Hosted Endpoint Protection, Ubiquity is now gearing up for a rollout across a wider range of enterprise products in the coming year, starting with Symantec Web Gateway, the company said.

Read more...

News Source: Email

U.S. Testing Defenses with Simulated Cyberattack

Posted by Donster on: 2010-09-29 15:57:12 in category: Virus/Spam/Security News [ Print ]

By Lance Whitney @ CNET News

The U.S. government has launched a full-scale simulated cyberattack to gauge how the country might fare in the real thing.

Sponsored by the Department of Homeland Security, "Cyber Storm III" kicked off yesterday for a three-day series of simulated events designed to exploit holes in the nation's cybersecurity system.

Specifically, the exercise will "inject" more than 1,500 different types of threats to examine the ability of the people involved to prepare for cyberattacks, make the correct decisions to respond to them, and share sensitive information with the right parties.

Read more...

News Source: Email

Cars: The Next Hacking Frontier?

Posted by Donster on: 2010-08-31 14:52:13 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

That nice, new, computerized car you just bought could be hackable.

Of course, your car is probably not a high-priority target for most malicious hackers. But security experts tell CNET that car hacking is starting to move from the realm of the theoretical to reality thanks to new wireless technologies and evermore dependence on computers to make cars safer, more energy efficient and modern.

"Now there are computerized systems and they have control over critical components of cars like gas, brakes, etc.," said Adriel Desautels, chief technology officer and president of NetraGard, which does vulnerability assessments and penetration testing on all kinds of systems. "There is a premature reliance on technology."

Read more...

News Source: Email

Bad Flash Drive Caused Worst U.S. Military Breach

Posted by Donster on: 2010-08-27 15:59:32 in category: Virus/Spam/Security News [ Print ]

By Elinor Mills @ CNET News

A malware-laden flash drive inserted in a laptop at a U.S. military base in the Middle East in 2008 led to the "most significant breach of" the nation's military computers ever, according to a new magazine article by a top defense official.

The malware uploaded itself to the U.S. Central Command network and spread undetected on classified and unclassified computers creating a "digital beachhead, from which data could be transferred to servers under foreign control," William J. Lynn III, U.S. deputy secretary of defense, wrote in his essay in the September/October issue of Foreign Affairs.

Read more...

News Source: Email

Newegg Password Reset Scam: A Harbinger of Threats to Come?

Posted by Donster on: 2010-08-26 15:43:54 in category: Virus/Spam/Security News [ Print ]

By Adam Wosotowsky @ McAfee Labs Blog

McAfee Labs has detected a new strain of spam in the wild that is not only a sophisticated forgery of a Newegg purchase receipt, but also appears to be abusing Newegg’s own password reset system to further the scam.

The spammers are taking advantage of the password reset option on the Newegg website to generate an email to the victim announcing that a password reset is required. This ruse cannot be used to determine if an account exists because the Newegg site returns the same text if you request a password reset on an actual or nonexistent account. So directory harvesting does not appear to be the attackers’ goal. Newegg’s password reset option is not protected by any sort of CAPTCHA authentication, so this process is probably being scripted as part of the spam campaign. The password reset request does not actually reset the password unless the recipient clicks on the email that is sent. In all likelihood this scam is designed to make the recipient anxious by suggesting an unauthorized individual has attempted to access the account.

Read more...

News Source: Email

© 2024 COMBATSIM.COM - All Rights Reserved